tenma [Mon, 12 Aug 2019 03:53:43 +0000 (04:53 +0100)]
[CORE] Fix subscription-related functions from the Profile class
The undefined variable $private_stream, from the User class, was causing
undefined behavior from calling requiresSubscriptionApproval. The is_null
test was added to fix this problem.
Diogo Cordeiro [Mon, 12 Aug 2019 03:45:25 +0000 (04:45 +0100)]
[NodeInfo] New endpoint and formula for computing active users
Seriously improved documentation
Now NodeInfo 2.0 is available at /api/nodeinfo/2.0.json
For active users we now also consider favourites and recently created accounts
Some further minor bug fixes and full review of the implementation
Diogo Cordeiro [Tue, 6 Aug 2019 01:52:47 +0000 (02:52 +0100)]
[PEAR][DB] Import some new commits
Patch submitted by XRevan86
[DB/pgsql.php] Change pg_exec to pg_query
Encouraged by http://php.net/manual/en/function.pg-query.php and enables
improved monitoring by New Relic (https://newrelic.com)
[DB.php] changed count to empty for php7.2
[DB/common.php] change to array cast for php72
[CORE] Move public resources to a /public directory
Advantages:
* Increases security by preventing direct access to file/
* We are careful and have a defined('GNUSOCIAL') || die() to prevent
direct access to GS files, but we may miss one or a vendor/extlib may
not be as careful
* Improves directory structure - It's more natural to physically
separate what is public from what are GNU social resources
Diogo Cordeiro [Mon, 12 Mar 2018 03:23:55 +0000 (21:23 -0600)]
[CORE][COMPOSER] Move extlib packages with immediate composer correspondent to composer dependencies
This adds a composer.json for all dependencies that are available
Miguel Dantas [Sat, 29 Jun 2019 19:10:20 +0000 (20:10 +0100)]
[MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool...
Miguel Dantas [Fri, 28 Jun 2019 00:44:51 +0000 (01:44 +0100)]
[OEMBED][UI] Skip adding an image thumbnail for oembed results if we
don't have a file locally to generate it, which can happen, for
instance, if StoreRemoteMedia is disabled
Miguel Dantas [Wed, 26 Jun 2019 02:27:51 +0000 (03:27 +0100)]
[CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view
Miguel Dantas [Wed, 26 Jun 2019 00:54:55 +0000 (01:54 +0100)]
[CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get an URL from the view action, so when making a remote notice, the correct URL is used, not accessing directly to the file
Miguel Dantas [Tue, 25 Jun 2019 22:20:17 +0000 (23:20 +0100)]
[CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config
Miguel Dantas [Tue, 11 Jun 2019 01:42:33 +0000 (02:42 +0100)]
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible to disallow
direct access to the file, to prevent executing of attachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to its hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
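
An added example, not code from the GNU social repository: one way to tell the two stored filename formats named in the commit message above apart and recover a display name. The function names are hypothetical, and it assumes (the page does not say) that `$filehash` and `$hash` are lowercase hex digests.

```php
<?php
declare(strict_types=1);

/**
 * Parse a stored attachment filename in either format from the commit message.
 * Assumption: both hashes are lowercase hex strings.
 * Returns ['format' => 'new'|'old', 'hash' => string, 'name' => string] or null.
 */
function parse_attachment_filename(string $stored): ?array
{
    // New format: bin2hex($original_name) . "-" . $filehash
    if (preg_match('/\A((?:[0-9a-f]{2})+)-([0-9a-f]+)\z/', $stored, $m) === 1) {
        return ['format' => 'new', 'hash' => $m[2], 'name' => display_name(hex2bin($m[1]))];
    }
    // Old format: "{$hash}.{$ext}" has no original name, shown as "untitled.{$ext}"
    if (preg_match('/\A([0-9a-f]+)\.([A-Za-z0-9]{1,10})\z/', $stored, $m) === 1) {
        return ['format' => 'old', 'hash' => $m[1], 'name' => 'untitled.' . $m[2]];
    }
    return null; // neither format: refuse rather than guess
}

/**
 * The decoded name comes from the upload filename, so it is uploader-controlled.
 * Reduce it before it reaches a Content-Disposition header or the UI.
 */
function display_name(string $decoded): string
{
    // Drop any directory part (both separators), then control characters and quotes.
    $base = basename(str_replace('\\', '/', $decoded));
    $base = preg_replace('/[\x00-\x1f\x7f"]/', '', $base) ?? '';
    $base = ltrim($base, '.'); // no hidden files, no bare ".."
    return $base === '' ? 'untitled' : $base;
}

// Constructed sample values, not taken from the project.
$samples = [
    bin2hex('report.pdf') . '-' . hash('sha256', 'a'),      // new format
    bin2hex("../../x\r\n.php") . '-' . hash('sha256', 'b'), // new format, hostile name
    hash('sha256', 'c') . '.png',                           // old format
    'index.php',                                            // matches neither
];
foreach ($samples as $s) {
    var_dump(parse_attachment_filename($s));
}
```

Because the stored name is hex plus a dash plus the hash, it can never contain a path separator or an extension the web server would execute; only the decoded display name needs the cleanup shown in `display_name()`.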
Diogo Cordeiro [Sat, 22 Jun 2019 17:57:43 +0000 (18:57 +0100)]
[CORE] Use random_bytes() if available and improve common_confirmation_code() randomness.
With PHP 7 comes the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and the [random_int()](https://www.php.net/manual/en/function.random-int.php) functions, which generate cryptographically secure pseudo-random bytes and integers, respectively.